SAP Addresses Critical Vulnerabilities in December Security Updates Introduction to SAP’s Security Update On December 9, 2025, SAP released its latest security updates, addressing a total of 14 vulnerabilities present in various products. Among these, three vulnerabilities were assessed with critical severity. This release is particularly timely, as organizations worldwide prepare for year-end audits and…
JS#SMUGGLER Campaign Leverages Compromised Websites to Distribute NetSupport RAT Background and Context Cyber threats continue to evolve, becoming increasingly sophisticated and elusive to traditional cybersecurity measures. The JS#SMUGGLER campaign is a notable example of this trend, utilizing compromised websites to deliver the NetSupport Remote Access Trojan (RAT). Such tactics are not new; however, they represent…
OpenAI Responds to Allegations of Ads in ChatGPT Paid Plans Background and Context In recent weeks, users of OpenAI’s ChatGPT Plus subscription, which costs $20 per month, began reporting instances of what appeared to be advertisements within their chat interfaces. These assertions have ignited a debate among subscribers about the potential monetization strategies of AI…
Critical React2Shell Vulnerability Compromises Over 30 Organizations Overview of the React2Shell Flaw The recently identified React2Shell remote code execution vulnerability (CVE-2025-55182) poses a significant threat to cybersecurity, impacting more than 77,000 Internet-exposed IP addresses. Researchers have confirmed that cyber adversaries have leveraged this flaw to breach over 30 organizations across diverse sectors, indicating a widespread…
New Zero-Click Browser Attack Threatens Google Drive Integrity Background & Context The emergence of the zero-click agentic browser attack represents a significant escalation in cybersecurity threats, particularly targeting users of the Perplexity Comet browser. As reliance on cloud storage and integrated web services has grown, the need for robust security measures cannot be overstated. In…
Command Injection Vulnerability Discovered in Array AG Gateways: Urgent Action Required Overview of the Vulnerability JPCERT/CC recently issued a warning regarding the exploitation of a command injection vulnerability in Array Networks AG Series secure access gateways. This vulnerability has reportedly been active since August 2025, raising significant concerns about the security posture of its affected…
Critical Vulnerabilities in React Server Components Pose Serious Security Risks Introduction to the Vulnerability A maximum-severity security flaw has been disclosed in React Server Components (RSC), which could potentially allow unauthenticated remote code execution. This critical vulnerability, tracked as CVE-2025-55182 and codenamed React2shell, has garnered attention within the developer community due to its severity, carrying…
Korean Police Crack Down on Illicit Trade of Hacked IP Camera Footage Overview of the Incident The recent arrests made by the Korean National Police highlight a disturbing trend in the exploitation of technology. Four suspects are accused of orchestrating a large-scale operation that compromised over 120,000 IP cameras throughout South Korea. The hacked footage,…
India Mandates Pre-Installation of Cybersecurity App to Combat Telecom Fraud Background and Context In a significant move aimed at enhancing cybersecurity within the telecommunications sector, India’s Ministry of Telecommunications has mandated that all mobile device manufacturers preload the Sanchar Saathi app on new devices within a 90-day window. This initiative responds to increasing concerns over…
Tomiris Adopts Public-Service Implants to Enhance C2 in Government Target Attacks Background and Context The escalation of cyber warfare tactics has become increasingly evident in recent years, with groups like Tomiris adapting their methodologies to remain effective against evolving defenses. Founded around 2018, Tomiris has gained notoriety for its sophisticated attacks on both national governments…